Linux in Government: How to Misunderstand the Enterprise Linux Desktop

Exploring the differences between popular and enterprise Linux distributions.
What Does this Mean for Your Enterprise?

Linux disrupts enterprises because it's different from what enterprises are used to using. Windows also disrupts enterprises for three reasons. First, Microsoft will break Windows XP with its Service Pack 2. Second, previous versions of Windows will not receive the fixes available for XP, so they are not supported and become deprecated. Third, the next version of Windows--due in two years--makes radical changes in filesystems and application program interfaces (APIs). Microsoft also will be phasing out the Win32 standard in its next OS release.

This week, in DallasNews.com (The Dallas Morning News), Allison Linn gives us an overview of the deteriorating security picture facing Windows XP users in "Windows Security Upgrade Set for Launch". According to Linn's article, next month Microsoft will release Service Pack 2 for Windows XP. It's a response to a long sequence of attacks and vulnerabilities that have plagued Microsoft software. SP2 (for Windows XP only) is designed to mitigate the ill effects of the viruses, spam and malware that have been wreaking havoc for Windows desktop users and system administrators. Finally electing security over convenience, SP2 is likely to break a lot of applications that run on XP. John Pescatore, vice president of Internet security at Gartner Research, said, "The applications that will break with SP2 were essentially doing things wrong from a security perspective." Although companies are rushing to improve the compatibility of their applications or to negotiate changes at the last minute with Microsoft, they are complaining that SP2 creates headaches. A spokesperson from RealNetworks, Erika Shaffer, said, "The changes Microsoft is proposing for SP2 will have serious negative consequences on the consumer experience of many applications and Web sites."

Next-Gen Windows Is a Radical Change

Add to Microsoft's security woes an under-reported challenge enterprises will face in making the transition to Microsoft's next version of Windows. The next version of Windows produces an equally disruptive effect on Microsoft's installed base. Microsoft's technologies place as much if not more demands on an enterprise IT departments as a full-house transition to Linux, which wouldn't be required given the cross-platform nature of open-source software. For the first time, this theme sees the full light of day in Tang Weng Fai's article, "Does Linux really kill jobs?", published in The Business Times on-line edition (Singapore).

Two Disruptive Forks in the Road

So, a fork exists in the road. Enterprises ultimately will confront these issues and must start considering their options. In making this choice, consider something a bit esoteric in IT circles--the difference between enterprise software and popular software. Also, consider that you can own enterprise software today for less than you paid for popular software yesterday.

One of the aspects of achieving Common Criteria Certification for Linux involves versioning. Both Novell SuSE and Red Hat won the EALS based on platforms that are two generations old. That means Linux was good enough two versions ago to be considered safe. The Novell SuSE version used to achieve EAL 3 is 8.0 or SLES and contains an older kernel (Linux 2.4 kernel and glibc 2.25). So, what's the difference between an enterprise version and a popular Version? Without knowing the answer to this question, one could be left with a false impression of Linux.

Some good examples of popular Linux are Novell SuSE Linux 9.1 or Fedora Core 2, the latter previously being Red Hat's plain vanilla version used by most free software enthusiasts. These are the latest versions of the major GNU/Linux distributions; the latest from Debian, Gentoo and others similarly qualify as popular Linux. Popular Linux is production-ready but is maintained by programmers in the community, analogous to maintenance programmers in an enterprise--updating and fixing code that is in production but not quite battle hardened.

In the context of amount of ongoing development activity, popular Linux resembles popular Windows. Windows Service Packs are the equivalent of cumulative maintenance programming fixes. Any given version of Windows is in maintenance mode, not in enterprise production-ready mode, after being released to the public. Once Windows reaches the space of a Linux or UNIX enterprise mode, Microsoft phases its version out.

We can make a primary distinction about enterprise Linux as opposed to popular Linux: the innovation harbored in enterprise Linux is cumulative and is not discontinued. These may seem like minor points, but they mean the world in the context of a discussion on the quality of national and corporate IT infrastructure, of spending tax dollars, of deploying military and private resources and of saving lives.

Enterprise Linux goes through a rigorous development and qualification process, which to many enterprise IT departments means that Linux is never production-ready. But that's not true. GNU/Linux is not only one thing, although many people hold such an image.

Red Hat came to this conclusion and chose to eliminate its long-time retail product and turn it into a free project, called Fedora. The free project hosts the experimental work. Then, when stable, new innovations stream into Red Hat's enterprise products in a steady fashion. For example, Red Hat will implement Security Enhanced Linux (SE Linux), which was developed within the National Security Agency (NSA), our national eavesdropping bureau. This will be implemented in the open-source project, Fedora, where it can be broken in by the Open Source community. It will not reach Red Hat's enterprise products until it's soup or, more likely, until it's been certified under rigorous international security standards, such as the Common Criteria.

This approach to popular and enterprise Linux allows Red Hat continuously to improve and develop its distribution of GNU/Linux and to implement important changes in its enterprise product at a responsible pace. In this way, Red Hat generates innovation from the Open Source community, without tuning its production enterprise products on the backs of enterprise users.

The rigors of keeping up with popular distributions hasn't been lost on Novell SuSE either. Novell continues to offer a retail product while marketing an enterprise offering through its primary business and government partners. Within its business partner channel lies IBM, which probably provides Novell SuSE with its largest marketing outlet. IBM has marketed Novell SuSE Enterprise products since Fall 2000. Currently, Novell SuSE Enterprise Linux runs on the entire line of IBM eServers, from the xSeries (Intel) to the zSeries (S/390 mainframes), including the pSeries and iSeries (RS-6000 and AS/400).

It's pretty clear that a difference exists between popular Linux and enterprise Linux. And it's important that people absorb these distinctions. You can buy enterprise quality Linux with popular applications and interoperability extensions from Sun Microsystems, for example, for 20% of the cost of a Microsoft desktop package. You'll need to look for other pricing ratios within Novell's SuSE and Red Hat's Enterprise Desktop models.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Re: Linux in Government: How to Misunderstand the Enterprise Lin

Anonymous's picture

While Linux is making progress, the Red Hat common criteria evaluation is a joke. EAL2 assurance doesn't even require complete testing or access to developers, so isn't much, despite distinguished company. Worse, the Common Criteria Certification report says:
The following features of Red Hat Enterprise Linux were specifically excluded from the evaluation:

Re: Linux in Government: How to Misunderstand the Enterprise Lin

Anonymous's picture

EAL Certification does not mean much, if it is based on limited conditions and is based on a security target that is not very strict. Obviously the Red Hat certification has limitations in practical terms, but for that matter, so did Windows 2000, which supposedly was not supposed to run applications, be connected to the internet or have a floppy drive for its certification. Kind of makes one wonder about the whole process does it not?

Re: Linux in Government: How to Misunderstand the Enterprise Lin

Anonymous's picture

Those terms for Windows related to C2 certification and had to do with Windows NT 3.51.

The Common Criteria certs mean quit a lot. Where do you MS trolls come from? Are you trained in disinformation? Where will you apply those skills once MS bites the dust?

Re: Linux in Government: How to Misunderstand the Enterprise Lin

Anonymous's picture

He didn't say that Common Criteria doesn't mean much, he said that the EAL level doesn't mean much, which is true. Much more meaningful is the protection profiles (PP) tested against and the restrictions. In that sense, the chart given in the article is quite misleading, because the EAL level given doesn't have much to do with the level of security of the system under evaluation. It has more to do with the level of assurance that the system in question really mets the certification that it gets.

Re: Linux in Government: How to Misunderstand the Enterprise Lin

Anonymous's picture

This is from a Microsoft troll.

Ignore at will.

Re: Linux in Government: How to Misunderstand the Enterprise Lin

Anonymous's picture

Did you say that the RH CC was a joke?

You're an expert -- and we should do what with your opinion? Make a buying decision? Grow tomatoes? What?

Let me see if I understand this. You take something out of context, write an opinion and it's supposed to mean something. IS that right?

So, X- Windows is important for a server? Support for Appletalk and IPX?

When Apache gets it's own CC - then Red Hat will be OK?

Why did you bother to write anything? To amuse yourself?

Re: Linux in Government: How to Misunderstand the Enterprise Lin

Anonymous's picture

Maybe, he thinks he knows something about benchmarks or certifications. I didn't get that he did. What was the point?

Re: Linux in Government: How to Misunderstand the Enterprise Lin

Anonymous's picture

Some people feel like they need to vote on everything. They can't just shutup and listen. I didn't think his comment was particularly important, amusing or thoughtful. He must have thought he was on Slashdot or one of the Debian mailing lists. I guess.

Re: Linux in Government: How to Misunderstand the Enterprise Lin

cjcox's picture

Minor correction:
Red Hat came to this conclusion and chose to eliminate its long-time retail product and turn it into a free project, called Fedora.

Red Hat's offering has always been free. Though they did have a retail package that you could buy (most just downloaded it). The major change is that it went from a solely Red Hat developed offering to a community developed offering (with Red Hat owning the guidance and direction) with a more frequent release schedule.

Re: Linux in Government: How to Misunderstand the Enterprise Lin

Anonymous's picture

I discussed this with Leigh May in an interview. Red Hat called it their retail product. No one said anything about it being free. Although at the time, it was free. It just didn't enter into the conversation. The conversation centered around subscriptions at $60 per year per machine.

She did say that they wanted it to be more community based- but they were discontinuing the Retail Product and service. Not that it matters much since they did discontinue it, got the brand changed and only sell Enterprise Linux.

Is anyone confused by that? Or that Matthew said Windows was better for the home user?

Tom

So much for Freedom? Fedora trademark use restrictions

Anonymous's picture

http://fedora.redhat.com/about/trademarks/guidelines/page4.html

So much for "Freedom"? Fedora started out as an attempt to beat Debian at their own "game". It's now a Red Hat Software sub project, and thus, is corporate controlled. I much prefer the co-operative and open style of the Debian GNU/Linux project and Software in the Public Interest, where just about anyone can apply to become a maintainer, and thereby receive voting rights within the democratic organization:

http://www.debian.org/devel/
http://www.spi-inc.org/

Re: Linux in Government: How to Misunderstand the Enterprise Lin

cjcox's picture

That wasn't worded as clearly as I liked... obviously Red Hat, like all other Linux distributions is dependent on community contributions and free software. However Red Hat owned the organization, administration and installation aspects of their product in that they alone developed on those pieces until Fedora.. now there is even more community involvement and a bit less red tape (hmmm... now I know why it's called RED tape).

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix